System and Method for the Managed Security Control of Processes on a Computer System

1. A computer-implemented method for implementing security for a computing device comprising the steps of: receiving a notification that a new program is intended for execution on the computing device; determining automatically whether the new program is substantially the same as a program which was previously approved for execution on the computing device; permitting the new program to execute on the computing device similarly to the approved program in response to the new program being substantially the same as the approved program; and monitoring the execution of the new program at an operating system kernel by permitting the new program to execute on the computing device in response to the new program not being substantially the same as the approved program, wherein the new program is prevented from accessing a specific type of file, using a specific registry setting or making a specific type of network communication that was permitted to the approved program.

2. The computer-implemented method of claim 1 , further comprising the steps of computing a checksum for the new program; and comparing the checksum for the new program to a checksum for the program which was previously approved for execution on the computing device.

3. The computer-implemented method of claim 1 , further comprising the step of determining if the new program has been modified.

4. The computer-implemented method of claim 1 , further comprising the step of terminating execution of the new program in response to the new program performing suspicious activities.

5. A computer system for implementing security for a computing device, said system comprising: a processor, a random access memory, and a storage device; first program instructions for receiving a notification that a new program is intended for execution on the computing device; second program instructions for automatically determining whether the new program is substantially the same as a program which was previously approved for execution on the computing device; third program instructions, responsive to the new program being substantially the same as the approved program, for permitting the new program to execute on the computing device similarly to the approved program; fourth program instructions, responsive to the new program not being substantially the same as the approved program, for monitoring the execution of the new program at an operating system kernel by permitting the new program to execute on the computing device while preventing the new program from accessing a specific type of file, using a specific registry setting or making a specific type of network communication that was permitted to the approved program; and wherein the first, second, third, and fourth program instructions are stored in the storage device for execution by the processor via the random access memory.

6. The computer system of claim 5 , wherein the second program instructions comprise program instructions for computing a checksum for the new program, and comparing the checksum for the new program to a checksum for the program which was previously approved for execution on the computing device.

7. The computer system of claim 5 , wherein the second program instructions comprise program instructions for determining if the new program has been modified.

8. The computer system of claim 5 , wherein the fourth program instructions comprise program instructions for terminating execution of the new program in response to the new program performing suspicious activities.

9. A computer-readable storage media for implementing security for a computing device, said computer-readable storage media comprising: first program instructions to receive a notification that a new program is intended for execution on the computing device; second program instructions to automatically determine whether the new program is substantially the same as a program which was previously approved for execution on the computing device; third program instructions, responsive to the new program being substantially the same as the approved program, to permit the new program to execute on the computing device similarly to the approved program; and fourth program instructions, responsive to the new program not being substantially the same as the approved program, to monitor the execution of the new program at an operating system kernel by permitting the new program to execute on the computing device while preventing the new program from accessing a specific type of file, using a specific registry setting or making a specific type of network communication that was permitted to the approved program; and wherein said first, second, third and fourth program instructions are stored in said computer-readable storage media.

10. The computer-readable storage media of claim 9 , wherein the second program instructions comprise program instructions to compute a checksum for the new program, and to compare the checksum for the new program to a checksum for the program which was previously approved for execution on the computing device.

11. The computer-readable storage media of claim 9 , wherein the second program instructions comprise program instructions to determine if the new program has been modified.

12. The computer-readable storage media of claim 9 , wherein the fourth program instructions comprise program instructions to terminate execution of the new program in response to the new program performing suspicious activities.